diff --git a/conf/nginx.conf b/conf/nginx.conf
index 2afb59c23..a41c6f13e 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -13,7 +13,6 @@ http {
 include server-base.conf;
 listen 443 default proxy_protocol;
- listen 444 default;
 ssl on;
 ssl_certificate ./stack/ssl.cert;
@@ -23,4 +22,18 @@ http {
 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
 ssl_prefer_server_ciphers on;
 }
+
+ server {
+ include server-base.conf
+
+ listen 444 default;
+
+ ssl on;
+ ssl_certificate ./stack/ssl.cert;
+ ssl_certificate_key ./stack/ssl.key;
+ ssl_session_timeout 5m;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+ ssl_prefer_server_ciphers on;
+ }
 }
diff --git a/conf/server-base.conf b/conf/server-base.conf
index 481afbd49..436c98e25 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -3,8 +3,9 @@ client_body_temp_path /var/log/nginx/client_body 1 2;
 server_name _;
-#set_real_ip_from 172.17.0.0/16;
-#real_ip_header X-Forwarded-For;
+set_real_ip_from 172.17.0.0/16;
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
 keepalive_timeout 5;
@@ -12,12 +13,12 @@ if ($args ~ "_escaped_fragment_") {
 rewrite ^ /snapshot$uri;
 }
-#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-#proxy_set_header X-Forwarded-Proto $scheme;
-#proxy_set_header Host $http_host;
-#proxy_redirect off;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_redirect off;
-#proxy_set_header Transfer-Encoding $http_transfer_encoding;
+proxy_set_header Transfer-Encoding $http_transfer_encoding;
 location / {
 proxy_pass http://web_app_server;
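Review bot: The added `include server-base.conf` line in the new port-444 server block has no terminating semicolon, so nginx will read the following `listen 444 default;` as extra arguments to `include` and the configuration will most likely fail to load; it should read `include server-base.conf;`. The new block also copies `ssl_protocols SSLv3 TLSv1;` and a cipher string that starts from `ALL` and keeps export-grade, low-strength and RC4 suites enabled, which extends a downgrade-prone TLS setup to a second listener. Since this block is new, I would set something like `ssl_protocols TLSv1.2;` (plus newer versions where the installed nginx/OpenSSL supports them) and a cipher list without `EXP`, `LOW` and `RC4`, and apply the same to the 443 block so the two do not drift.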
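Review bot: Enabling `real_ip_header X-Forwarded-For;` makes the logged and forwarded client address come from a request header, yet the 443 listener in nginx.conf is declared with `proxy_protocol`. If the balancer in front of that port speaks only PROXY protocol and does not rewrite X-Forwarded-For, the header is whatever the client sent, and any peer inside `172.17.0.0/16` is trusted to vouch for it. For the PROXY-protocol listener I would use `real_ip_header proxy_protocol;` in that server block instead of the shared include, and narrow `set_real_ip_from` to the actual proxy addresses rather than the whole bridge range. A short comment next to `real_ip_recursive on;` naming which hop is expected to append the header would help the next reader.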
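Review bot: `proxy_set_header Transfer-Encoding $http_transfer_encoding;` copies the client's framing header to the upstream verbatim, while nginx may have already buffered and de-chunked the request body. The upstream can then see a Transfer-Encoding header that disagrees with the body it actually receives, which is the kind of front-end/back-end framing mismatch behind request-desync problems; I would drop this line and let nginx set the framing headers itself. Separately, `proxy_set_header Host $http_host;` forwards a client-chosen Host while `server_name _;` accepts any name, so the application must not build links or make trust decisions from it unless it validates the value. The `location /` block continues past the end of this hunk.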